IBM announced on Dec. 5 that it has agreed to buy Consul Risk Management, a privately held software company specializing in compliance automation, for an undisclosed sum.
Officials at IBM said Consul, which is based in Delft, Netherlands, but also maintains a presence in the United States, will bolster IBMs own compliance and risk management business, specifically by adding new security auditing applications used to monitor, report and investigate corporate IT policy violations.
Company officials indicated that the proposed acquisition remains subject to regulatory approval, but said they expect the deal to close sometime during the first quarter of calendar 2007. If the buyout is approved, Consul will become part of IBMs Tivoli software unit.
IBM, based in Armonk, N.Y., said the acquisition will help forward the companys Service Management initiative by arming it with new data governance and compliance monitoring capabilities across mainframe and distributed computing environments. Consuls products already offer support for IBMs own mainframe technologies.
The Dutch companys software aims to provide customers with an all-inclusive “auditor-in-a-box” that allows a company to test the compliance of its IT system from a single dashboard console. Enterprises continue to struggle to meet the demands of multiple data-handling regulations, including the federal governments Sarbanes-Oxley Act and the growing number of state laws that demand strict management of sensitive customer data, IBM officials said. Companies whose IT administrators can track compliance data from a central interface will be more effective at eliminating potential violations, according to IBM.
Consuls software promises to monitor IT systems for policy infractions and provide real-time alerts to IT executives when information or technology assets are put at risk or sensitive data is being stored or accessed inappropriately. As an example of its capabilities, the company said a firm using the programs could detect when an unauthorized worker logs onto a system containing private customer or corporate information.
In outlining its motivations for acquiring Consul, IBM cited recent research contending that some 86 percent of all internal security incidents are caused by companies most privileged and technical users, such as IT administrators and business consultants. The high-level nature of the incidents illustrates the need for programs that can track nearly every aspect of IT work, regardless of user status, IBM executives said.
“Consul is uniquely capable of rounding out the IBM portfolio to help clients more fully address compliance around access to private information to help reduce risk in their organizations,” Al Zollar, general manager of IBM Tivoli Software, said in a statement. “Together, IBM and Consul will be able to offer integrated security management and powerful user-activity monitoring across the entire IT infrastructure from devices and systems to applications in both traditional and service-oriented architectures.”
The company said Consul also offers mainframe administration technologies that will compliment IBMs existing identity management capabilities. The Dutch companys 350 customers include enterprise stalwarts including Ford Motor, The Kroger Co., Office Depot and Fidelity Bank.
The Consul acquisition represents IBMs latest step in aggressively building out its security and compliance management business. In August 2006, IBM made its most significant investment in the space, acquiring applications maker ISS (Internet Security Systems) for $1.3 billion.
Industry watchers said the Consul acquisition makes particular sense for IBM as part of its effort to further expand the compliance end of its business, much as longtime anti-virus specialist McAfee has worked to gain a stake in the space through its own series of buyouts. And, as with the majority of IBMs acquisitions over the last several years, Consul should also provide IBM with new opportunities for its massive Global Services business unit, experts observed.
“Over the last year IBM has jumped into enterprise security with both feet, and Consul is interesting because it plays well with almost everything they do, from the mainframe to operations management,” said Jon Oltsik, an analyst at Enterprise Strategy Group. “And if you think about it, compliance and managed security all have professional services components; its very typical of IBM to lead with services, as theyre always looking for new ways to drive revenues to that part of their business.”
